From: Jonatan Kronqvist <jonatan.kronqvist@itmill.com>
Date: Wed, 28 Sep 2011 10:42:22 +0000 (+0000)
Subject: Updated release notes for 6.6.7
X-Git-Tag: 6.7.0~14^2~8
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=95b32ab60e99e16db5bb6911ce102ea77fc0d57b;p=vaadin-framework.git

Updated release notes for 6.6.7

svn changeset:21407/svn branch:6.6
---

diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html
index 9f11093091..a65b8459fb 100644
--- a/WebContent/release-notes.html
+++ b/WebContent/release-notes.html
@@ -57,6 +57,14 @@ widget sets and refresh your project in Eclipse. If you are upgrading from
 package). See <a href="#upgrading">General Upgrade Instructions</a> for more details on upgrading.</p>
 <!-- ====================================================================== -->
 
+<h3>Security fixes in Vaadin Framework 6.6.7</h3>
+<ul>
+    <li><a href="http://dev.vaadin.com/ticket/7669">#7669</a> CSRF/XSS vulnerability through separator injection</li>
+    <li><a href="http://dev.vaadin.com/ticket/7670">#7670</a> Directory traversal vulnerability</li>
+    <li><a href="http://dev.vaadin.com/ticket/7671">#7671</a> Contributory XSS: Possibility to inject HTML/JavaScript in system error messages</li>
+    <li><a href="http://dev.vaadin.com/ticket/7672">#7672</a> Contributory XSS: possibility for injection in certain components</li>
+</ul>
+
 <h3>Enhancements in Vaadin Framework 6.6</h3>
 
 <p>General enhancements:</p>
@@ -100,6 +108,25 @@ package). See <a href="#upgrading">General Upgrade Instructions</a> for more det
   <li>Server communication methods in <b>ApplicationConnection</b> can now be overridden (<a href="http://dev.vaadin.com/ticket/6885">#6885</a>)</li>
 </ul>
 
+<h3>Fixes in Vaadin @version@</h3>
+    <p>
+    #7669   CSRF/XSS vulnerability through separator injection
+    #7670   Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN()
+    #7671   Contributory XSS: Possibility to inject HTML/javascript in system error messages
+    #7541   Table.setColumnCollapsed("id",true) will cleared PropertyDataSource for any fields in table item properties
+    #7672   Contributory XSS: possibility for injection in certain components
+    #3125   Portlet size is not updated when window is resized
+    #6420   Solution for menu too long.
+    #7560   ComboBox: Writing the name of a new item and clicking on drop down menu works inconsistently.
+    #7653   Update screenshots for Safari 5.1
+    #7654   Update screenshots for Safari 5.1
+    </p>
+        <p>
+            The <a
+                href="http://dev.vaadin.com/query?status=closed&type=defect&milestone=Vaadin+6.7.0.rc1&or&status=closed&type=defect&milestone=Vaadin+6.7.0.beta1&group=status&col=id&col=summary&col=owner&col=type&col=priority&col=component&col=version&order=priority">full
+                details of the defects</a> can be found at dev.vaadin.com.
+        </p>
+
 <h3>Backward-Incompatible Changes in Vaadin Framework 6.6</h3>
 
 <ul>